I am wondering if a USB device could potentially be a security hole on a properly configured system just by being plugged in. This was inspired by a post on BitLocker, namely the phrase:
USB devices, after all, get direct access to the system's memory
As far as I know, USB devices don't literally have such access - right? But I can imagine a driver that gives a USB device such an ability.
Are any standard USB device drivers, shipped with Win7, known to expose arbitrary physical memory locations to the USB device?
I'm almost sure that only Firewire and Thunderbolt devices get such access. – Dr McKay – 2011-05-29T18:03:04.397
I cannot imagine that such a flaw exists, as it would be very major and very simple. Poor proof I know but... – soandos – 2011-05-29T18:13:46.097
@DrMcKay so could a specially crafted Thunderbolt device read all the physical memory in a system? Or only a subset of it that was reserved specifically for this purpose, wiped of any potentially sensitive previous data? – RomanSt – 2011-05-29T18:37:25.320
@romkyns Memory access is totally unrestricted. And yes, it's the whole memory. Mac: http://www.theregister.co.uk/2011/02/24/thunderbolt_mac_threat/ and Windows: http://www.friendsglobal.com/papers/FireWire%20Memory%20Dump%20of%20Windows%20XP.pdf (it's about Firewire as I have no idea if Windows supports Thunderbolt). In fact, both protocols give any device blind trust. – Dr McKay – 2011-05-29T21:28:58.727
I'm pretty sure most USB drivers run in user-mode now, so the whole physical memory access issue is non-existent. I'm writing some USB drivers right now actually, and don't see how I could gain access to anything until my device is initialized by some software. However, even if I were to have that ability, being in user-mode would just BSOD the system before anything happened. – Breakthrough – 2011-05-30T02:16:45.533
@Breakthrough sounds like an answer, why don't you post it and I'll accept :) – RomanSt – 2011-05-31T10:45:02.310